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Joshua Marpet 



Who is this guy? 



Josh has done everything. I've been a cop, an Infragard/OWASP/HTCIA/FLEA and ASTM 
member, a volunteer fireman, a blacksmith and a horse dentist. No joke. 

My passion is the chasm between Information Security and Physical Security. What 
people don't realize is that there is no difference. Locks are locks. I can pick some, and 
perform SQL injection on others. So what if one's on a web page, and one's on a door? 



love breaking into places, and showing the people who "secured" it, how to fix the 
problem. 



Quadling@datadevastation.com 




Video Surveillance 



Prevalence - How often does a camera look at me every day? 

Legality - When can someone record me? 

Hackability 

. Camera Hacks 

. Video System Hacks 
Compression Schemas 
Video Seizure Lessons 
CSI - Why I hate the show 
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Comedy Of Errors: Cameras Didn't Work At 
Newark 

Sources Tel] CBS 2 That TSA Surveillance Cameras Were 
Inoperable At Time Of Terminal C Security Breach 

TSA Apparently Didn't Know Number For Continental To Get Other Footage 

U CBS News Interactive: Eye On Ai r Safety 



NEWARK (CBS)— It's a tale of shockirg 
ineptitude: CBS 2 has learned a series of 
missteps unnecessarily added to the 
mayhem at Newark Liberty International 
Airport on Sunday. The six- hour delay 
stranded thousands of people, creating 
extreme crowding and chaos. 




Reporting 
Marcia Kramer 



The mistakes made at the airport give new meaning to the 
term "domino effect." It was a cascading series of missteps 
that cry out for action. 

The signattlie Transportation Security Administration 
scieening post at Newark lead: "Piemises Under Constant 
Video Surveillance." 

What is should add is: 'If We're Lucky. 1 
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Click 1o enlarge 



Thousands of people found 
the m se I ve s bunc hed tocjethe r 
inside Newark Liberty International 
Airport after a security breach 
prompted the closir^ of a terminal 
for seveial hours Jan. 3, 2010. 
CBS 
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Dell Tech Support Remotely Turns Woman's Webcam On Without Permission - Dell - Gizmodo - Mozilla Firefox 
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Dell Tech Support Remotely Turns Woman's 
Webcam On Without Permission 




Dianne Annunziato is accusing a Dell technician of becoming a virtual peeping Tom during a 
supportcall by remotely turning on her webcam. 
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By Sean Fallon 
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Slate Showdown: iPad 
vs. HP Slate vs. 
JooJoo vs. Android 
Tablets & More 
(UPDATED) 




Dell Adamo Drops 
Under $1000 




Remainders - The 
Things We Didn't 
Post: Eurotrip Edition 
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Police fight cellphone recordings 

Witnesses taking audio of officers arrested, charged with illegal surveillance 

By Daniel Rowinski 

New England Center For Investigative Reporting « r January 12, 2010 

E3 E-mail I \^\ Print I ljj|] Reprints I |jj) Yahoo! Buzz I |9 ShareThis Tesa^ize 

Simon Glik, a lawyer, was walking down Tremont Sueet in Boston when he saw three 
police officers snuggling to extract aplastic bag horn a teenager's mouth. Thinking 
their force seemed excessive for a drug arrest, Glik pulled out his cellphone and began 
recording. 
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Within minutes, Glik said, he was in handcuffs. 

Mm I "Q d™^ I I C C 

com mf nts f?<m "One of the officers asked me whether my phone had 

audio recording capabilities," Glik, 33, said 
recently of the incident, which took place in October 
2007. Glik acknowledged that it did, and then, he said, "my phone was seized, and I 
was arrested." 

The charge? Illegal electronic surveillance. 

Jon Surmacz, 34, experienced a similar - situation. Thinking that Boston police officers 
were unnecessarily rough while breaking up a holiday party in Brighton he was 
attending in December 2003, he took out his cellphone and began recording. 

Police confronted Surmacz, a webmaster at Boston University. He was arrested and, 
like Glik, charged with illegal surveillance. 

There are no hard statistics for video recording arrests. But the experiences of Surmacz 
and Glik highlight what civil libertarians call auoubling misuse of the state's 
wiretapping law to stifle the kind of meet-level oversight that cellphone and video 
technology make possible. 

"The police apparently do not want witnesses to what they do in public," said Sarah 
Wunsch, a staff attorney with the American Civil Liberties Union of Massachusetts, 
who helped to get the criminal charges against Surmacz dismissed. 



Hackability 



Nanny-Cam May Leave a Home Exposed 
Sat Apr 13, 2:55 PM ET 

By JOHN SCHWARTZ The New York Times 

Thousands of people who have installed a popular wireless video camera, 
intending to increase the security of their homes and offices, have instead 
unknowingly opened a window on their activities to anyone equipped with a 
cheap receiver. 

The wireless video camera, which is heavily advertised on the Internet, is 
intended to send its video signal to a nearby base station, allowing it to be 
viewed on a computer or a television. But its signal can be intercepted from 
more than a quarter-mile away by off-the-shelf electronic equipment costing 
ess than $250. 



Compression Schemas 

H.264 / MPEG-4 AVC 

Overview 

H.264 is also known as MEPG-4 AVC. H.264 uses the latest innovations in video compression 

technology to provide consistently crisp and clear video for the best possible viewing. 

Pros 

* H.264 delivers incredible video quality at data rates one-fourth to one-half the size of previous 
video formats 

* H.264 offers dramatically lower bit rates and better picture quality than MPEG-2, MPEG-4 or 
H.263+ 

* It is 2X times more efficient than MPEG-4. and file size is 3X times smaller than comparable 
MPEG-2 Codecs 

* It is easy to integrate and covers wide range of picture format. Hence used in large application 
segment. 

Cons 

* H.264 requires longer encoding time 

* It is certainly not constricted and low-bandwidth friendly 

* More Hardware overhead is also one of the limiting factor 

* Licensing agreements are complicated. 

MPEG-4 

Overview 

MPEG-4 is a standard currently under development for the delivery of interactive multimedia across 

networks. As such, it is more than a single codec, and will include specifications for audio, video, and 

interactivity. 

Pros 

* Good image quality at low data rates 

Cons 

* Standard is still being designed 



Video Surveillance Seizure Lessons: 

Lesson 1 : When involved in an incident likely to go to court, get out there 
with a lawyer within 3 days to collect video to support your side of the 
lawsuit. 

Lesson 2: 

Get a court order/subpeona for the footage. This gives a business or 

person legal liability mitigation. 

Lesson 3: 

Take a picture of the clock on the video system, with a clock that is atomic 

synchronized.. 

Lesson 4: 

Make sure you get a copy of the player program. 

Lesson 5: 

The CSI Effect is real. The CSI Science is not, mostly. 



Video analytics 



Reliability - Is it Consistent? 

Validity - Does it alarm for the correct conditions? 

Implementation - How do I get this? 

Hacking - How do I break it? 




What is Video Analytics? 

Interpretation of a video stream, done either in real 
time, or performed on a recorded stream. 
There are different types of Video Analytics, 
including: 

Motion Detection 

Facial Recognition 

License Plate Recognition 

Package Leave Behind 

Line Crossing ("Trip-Wire Detection") 

People Counting 

Incident Alerting 

Motion/Trajectory Tracking 

Currency Checking 

Smoke and Fire Alerting 



Photomanipulation - a type of Video analytics 
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Spanish MP's photo used for Osama Bin Laden poster 




A DYE 



A photo of Bin Laden from 1998 (left) was digitally altered using elements from an image of 
Gas par Llamazares (right) 

A Spanish politician has said he was shocked to find out the FBI had used 
his photo for a digitally-altered Image showing how Osama Bin Laden 
might look. 
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License Plate Recognition 
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Face Research » Demos » Scramble 

Female monkey 
Male monkey 
Female human 



Male human 
Averted Gaze 
Direct Gaze 



A new series of studies we are running in the lab is examining pupil responses to faces. We 
want to test if the pupil responds differently, iby contracting and dilating, to human faces 
and also to macaque (a type of monkey) faces. 
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The pupil responds to changes in light in order for you to see in bright light or in darkness, so 
we have to control for any differences in light levels in the different types of faces. This way 
we can compare the pupil responses between faces and images that are not faces, but 
have some of the same visual properties as faces. We do this by scrambling the faces so 
that they retain all the same visual information (middle image). Since the face images we 
use are symmetrical, we also make the scrambled faces symmetrical (right image), 

Rate this demo 



75,744 visitors since 17-01-07 



Contact faceresearch@abdn.ac.uk wilh questions, comments and for more information. 
Please do not email requesting stimuli. See our FAQ. 
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Buildings that know when they need to be fixed before something breaks; sensors thaye 
the fire department details of afire before they receive the emergency phone call; smarr 
water and sewage systems that filter and recycle water... 



1 . Cities will have healthier Immune Systems 

2. City Buildings will respons like living organisms. 

4. Smarter Cities will quench cities thirst for water and save energy 

5. Cities will respond to a crisis, even before receiving an emergency phone call 



Implementation 



Problems 



•Customers expect it to be a magic bullet, 

capable of spotting criminals and terrorists 

in a single bound. It's not. 

•Integrators don't realize how much time 

and effort it takes to train the system. 

•Total screwup of implementations is 

common. 

•It's fairly sensitive technology, able to be 

avoided with a few simple steps. 

•The consequences of adding Video 

Analytics to the corporate network are not 

foreseen. 

•The consequences of adding Video 

Analytics to the corporate storage San are 

not foreseen. 


Suggestions 


•Have a manufacturer's representative go 
over the requirements with you, and sign 
off on them, that the Video Analytics 
system will perform to those specs. 
•Use the manufacturer's rep to help with 
calibration and installation. 
•Have clearly defined goals for the system. 
•Use a manufacturer's demo system to 
show the client how the system works, and 
what it cannot do. 

•Train at least one person at the client how 
to maintain and calibrate the system, so 
you don't get called out to do it many many 
many times. 

•Demonstrate to the client, and have them 
sign off on the system, after that have 
tested it with their own people. 





Video Analytics Hacking 



Non-Techie Hacks 





Video Analytics Tech Hacks 



Microsoft 





Windows 2000 

Family 




B jilt on Nf technology- 




starting up.. 
Copyright© 1985-1999 Microsoft Corporation 




Lots of Video servers run these 
OS'es, and all IP cameras have 
RJ-45, normally going straight 
to the Corporate Network 





Conclusions? 



Joshua Marpet 
quadling@datadevastation.com 



